Events
January 26, 2022 - January 26, 2022
https://csrc.nist.gov/events/2022/nccoe-virtual-workshop-on-the-cybersecurity-of-gen
Genomic data are central to basic science research, pharmaceutical drug and vaccine development, disease diagnosis and prediction, ancestry tracing, and forensic investigations. These applications require information fidelity and appropriate availability as bad actors may wish to misuse genomic data to invade privacy, gain an unfair competitive advantage, or inflict harm with devastating impacts on individuals, companies, and nations. The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is seeking to identify genomic data...
Publications
SP 800-121 Rev. 2 (Final)
January 19, 2022
https://csrc.nist.gov/pubs/sp/800/121/r2/upd1/final
Abstract: Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication provides information on the security capabil...
Project Pages
https://csrc.nist.gov/projects/software-identification-swid/resources
Additional resources are available for the following SWID Tag specification revisions: ISO/IEC 19770-2:2015 Revision ISO/IEC 19770-2:2015 Resources SWID Tag Validation Tool NIST has developed a SWID Tag validation tool that can be used to verify that a produced SWID has properly implemented the requirements defined in NISTIR 8060. This tool can validate different types of SWID Tags that are used in different stages of the software lifecycle: SWID Tags that pass this validation tool provide support for license management as well as multiple cybersecurity use cases including:...
Project Pages
https://csrc.nist.gov/projects/mcspwg/nccp
Title / Topic Description Executive Order (EO) 14028 On Improving The Nation's Cybersecurity Executive Order 14028, “Improving the Nation’s Cybersecurity” marks a renewed commitment and prioritization of federal cybersecurity modernization and strategy. To keep pace with modern technological advancements and evolving threats, the Federal Government continues to migrate to the cloud. In support of these efforts, the Secretary of Homeland Security acting through the Director of the Cybersecurity and Infrastructure Security Agency...
Events
December 2, 2021 - December 2, 2021
https://csrc.nist.gov/events/2021/federal-cybersecurity-privacy-professionals-fo-1
Presentations & Speakers at a Glance: Update from the Office of the Federal Chief Information Officer, Maria Roat (OMB) Update from GAO on the Cybersecurity & Information Security Audit Manual, Jennifer R. Franks (GAO) OMB Circular A-130 Implementation and Updates to SP 800-53 and FedRAMP, Carol Bales (OMB), Brian Conrad (GSA), and Vicky Pillitteri (NIST) Federal Zero Trust Strategy, Eric Mill (OMB) NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL...
Events
December 1, 2021 - December 1, 2021
https://csrc.nist.gov/events/2021/2nd-public-draft-sp-800-161-revision-1-workshop
Click on the image to access the 2nd public draft of Special Publication (SP) 800-161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (released October 28, 2021). PRESENTATION for WORKSHOP (.PDF) Event Description: The NIST Cybersecurity Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its 2nd public draft of Special Publication 800 – 161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity,...
Publications
SP 800-213 (Final)
November 29, 2021
https://csrc.nist.gov/pubs/sp/800/213/final
Abstract: Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help organizations consider how an IoT device they pl...
Publications
SP 800-213A (Final)
November 29, 2021
https://csrc.nist.gov/pubs/sp/800/213/a/final
Abstract: This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed from device manufacturers and other supportin...
Publications
IR 8286A (Final) (Withdrawn)
November 12, 2021
Withdrawn on December 18, 2025.
https://csrc.nist.gov/pubs/ir/8286/a/final
Abstract: This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk app...
Projects
https://csrc.nist.gov/projects/niics
[Redirect to: https://www.nist.gov/cybersecurity/improving-cybersecurity-supply-chains-nists-public-private-partnership] In 2021, NIST announced a new effort to work with the private sector and others in government to improve cybersecurity supply chains. This initiative, NIICS, will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern. It will emphasize tools, technologies, and guidance focused on the developers and providers of technology.
